Daily NCSC-FI news followup 2020-02-25

Mobile malware evolution 2019


Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT


Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users


Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks


New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers


Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing


Quick look at a couple of current online scam campaigns


Firefox for Mac and Linux to get a new security sandbox system

www.zdnet.com/article/firefox-for-mac-and-linux-to-get-a-new-security-sandbox-system/ RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app’s internal components — namely its third-party libraries — from the app’s core engine.

RSAC 2020 Keynote: Changing the World's False Perception of Cybersecurity

threatpost.com/rsac-2020-keynote-changing-the-worlds-false-perception-of-cybersecurity/153203/ We are only as good as the story we leave behind, he said. The story we want is a business story of cyber resilience, not a technical story of cyber ping pong. The struggle that we often see in these types of stories engenders pity and fear, but it's not one of the defender, but one of the protected.

Sen. Schumer Pushes for TSA Employee Ban on TikTok App at Work

threatpost.com/sen-schumer-pushes-for-tsa-employee-ban-on-tiktok-app-at-work/153192/ The Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.

Microsoft previews Microsoft Defender ATP for Linux


UK financial watchdog admits to leaking confidential consumer data

www.zdnet.com/article/uk-financial-watchdog-admits-to-leaking-confidential-consumer-data/#ftag=RSSbaffb68 A Freedom of Information Act request published on the FCA website revealed more than it should.

ASIO: Relentless advance of technology was outstripping our capabilities

www.zdnet.com/article/asio-relentless-advance-of-technology-was-outstripping-our-capabilities/ Australian Security Intelligence Organisation (ASIO) Director-General of Security Mike Burgess has praised the introduction of new powers such as those contained within Australia’s encryption legislation to help the spy agency combat the new battleground that technology has created.

Australian banks targeted by DDoS extortionists

www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/ Hackers are sending emails to banks asking for large payments in Monero, and threatening DDoS attacks if their demands aren’t met.

North Korea Is Recycling Mac Malware. That’s Not the Worst Part

www.wired.com/story/malware-reuse-north-korea-lazarus-group/ Lazarus Group hackers have long plagued the internet, using at least one tool they picked up just by looking around online.

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments


New Mozart Malware Gets Commands, Hides Traffic Using DNS


PayPal Users Hit With Fraudulent ‘Target’ Charges via Google Pay

www.bleepingcomputer.com/news/security/paypal-users-hit-with-fraudulent-target-charges-via-google-pay/ Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via Google Pay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany.

DoppelPaymer Ransomware Launches Site to Post Victim’s Data

www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

Credit Card Skimmer Running on 13 Sites, Despite Notification

www.bleepingcomputer.com/news/security/credit-card-skimmer-running-on-13-sites-despite-notification/ The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered.
